Automated security testing built right into your workflow!
You already use flake8 to lint all your code for errors, ensure docstrings are formatted correctly, sort your imports correctly, and much more... so why not ensure you are writing secure code while you're at it? If you already have flake8 installed all it takes is pip install flake8-bandit
.
To include or exclude tests, use the standard .bandit
configuration file. An example valid .bandit
config file:
[bandit]
exclude = /frontend,/scripts,/tests,/venv
tests: B101
In this case, we've specified to ignore a number of paths, and to only test for B101.
Note: flake8-bugbear uses bandit default prefix 'B' so this plugin replaces the 'B' with an 'S' for Security. For more information, see PyCQA/flake8-bugbear#37
We use the bandit package from PyCQA for all the security testing.